TMS zl Management and Configuration Guide ST.1.0.090213

Virtual Private Networks
IPsec VPNs
You can configure IKE config mode only for an IPsec policy that specifies
Auto (with IKEv1) for Key Management and that specifies a client-to-site
IKEv1 policy. Each IKEv1 client-to-site policy supports only one IP
address pool.

Microsoft Windows VPN clients and IPSecuritas for Macintosh VPN clients
do not support the TMS zl Module implementation of IKE mode config.

When configuring the IPsec policy for IKE mode config, on the traffic
selector (Step 1 of 4):

  Local Address must be the local addresses behind the TMS zl Module.
  You must specify these addresses manually instead of selecting a
  named object or Any.

  Remote Address must be the IKE mode config addresses.

When configuring firewall access policies for VPNs that use IKE mode
config, you must permit traffic between the local zone and the IKE mode
config zone.

IKE mode config addresses are assigned to a VLAN that is designated
irstintXXX on Network > Routing > View Routes, where XXX is a unique
three-digit number. Do not create a VLAN association for this VLAN or you
will get IP address conflicts.

On Network > Routing > View Routes, the irstintXXX VLAN appears as a
connected route.
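
The constraints above can be checked against a change plan before anything is entered in the module. The following is an added example, not code from this guide or from the TMS zl Module: the plan schema, key names, zone names and addresses are all assumptions of the example, and it reads "between" the two zones as a permit rule in each direction.

```python
import ipaddress
import re

def nets(values):
    """Collapse literal addresses/prefixes into a set; None if any entry is not literal."""
    try:
        return set(ipaddress.collapse_addresses(ipaddress.ip_network(v) for v in values))
    except ValueError:  # "Any" or a named object is not a literal address
        return None

def lint_plan(plan):
    """Return findings for a planned IKE mode config deployment (empty list = clean)."""
    findings = []
    if plan["key_management"] != "Auto (with IKEv1)" or plan["ike_policy_type"] != "client-to-site":
        findings.append("policy: needs Auto (with IKEv1) and a client-to-site IKEv1 policy")
    if not nets(plan["local_address"]):
        findings.append("selector: Local Address must be typed in, not a named object or Any")
    pool, remote = nets(plan["mode_config_pool"]), nets(plan["remote_address"])
    if not pool or remote != pool:
        findings.append("selector: Remote Address must be the IKE mode config addresses")
    permits = {(r["from"], r["to"]) for r in plan["firewall"] if r["action"] == "permit"}
    lz, cz = plan["local_zone"], plan["mode_config_zone"]
    if not {(lz, cz), (cz, lz)} <= permits:  # "between" is read here as both directions
        findings.append("firewall: permit traffic between local and IKE mode config zones")
    for vlan in plan["vlan_associations"]:
        if re.fullmatch(r"irstint\d{3}", vlan):
            findings.append(f"vlan: remove association for {vlan} (IP address conflicts)")
    return findings

# Constructed sample plan; every key name and value is an assumption of this example.
GOOD_PLAN = {
    "key_management": "Auto (with IKEv1)", "ike_policy_type": "client-to-site",
    "local_address": ["10.1.10.0/24"],
    "mode_config_pool": ["10.99.0.0/24"],
    "remote_address": ["10.99.0.0/25", "10.99.0.128/25"],  # same addresses as the pool
    "local_zone": "LOCAL_ZONE", "mode_config_zone": "MODECFG_ZONE",
    "firewall": [
        {"from": "LOCAL_ZONE", "to": "MODECFG_ZONE", "action": "permit"},
        {"from": "MODECFG_ZONE", "to": "LOCAL_ZONE", "action": "permit"},
    ],
    "vlan_associations": ["vlan10"],
}
# Same plan with three mistakes the guide warns about.
BAD_PLAN = dict(GOOD_PLAN, local_address=["Any"], firewall=GOOD_PLAN["firewall"][:1],
                vlan_associations=["vlan10", "irstint001"])

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, lint_plan(plan) or "clean")
```
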
Advanced IPsec Features
The TMS zl Module supports these advanced features:
IP compression
Customizable anti-replay window size
Extended sequence number
Re-key on sequence number overflow
Persistent tunnels
Fragmentation before IPsec
The copying of values from the original IP header
The section below describes these features. Table 7-2 indicates which features
are enabled by default and other default settings.